abunchtell
/
mastodon
1
0
Fork 0
Code Issues 0 Activity
The code powering m.abunchtell.com https://m.abunchtell.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2246 Commits
1 Branch
94 MiB
 
 
 
 
Tree: df4ff9a8e1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'df4ff9a8e1'
${ noResults }
mastodon/spec/controllers/auth/sessions_controller_spec.rb

109 lines
2.9 KiB
Raw Blame History 

  1. require 'rails_helper'

  2. 

  3. RSpec.describe Auth::SessionsController, type: :controller do

  4.   render_views

  5. 

  6.   describe 'GET #new' do

  7.     before do

  8.       request.env['devise.mapping'] = Devise.mappings[:user]

  9.     end

  10. 

  11.     it 'returns http success' do

  12.       get :new

  13.       expect(response).to have_http_status(:success)

  14.     end

  15.   end

  16. 

  17.   describe 'POST #create' do

  18.     before do

  19.       request.env['devise.mapping'] = Devise.mappings[:user]

  20.     end

  21. 

  22.     context 'using password authentication' do

  23.       let(:user) { Fabricate(:user, email: 'foo@bar.com', password: 'abcdefgh') }

  24. 

  25.       context 'using a valid password' do

  26.         before do

  27.           post :create, params: { user: { email: user.email, password: user.password } }

  28.         end

  29. 

  30.         it 'redirects to home' do

  31.           expect(response).to redirect_to(root_path)

  32.         end

  33. 

  34.         it 'logs the user in' do

  35.           expect(controller.current_user).to eq user

  36.         end

  37.       end

  38. 

  39.       context 'using an invalid password' do

  40.         before do

  41.           post :create, params: { user: { email: user.email, password: 'wrongpw' } }

  42.         end

  43. 

  44.         it 'shows a login error' do

  45.           expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: 'Email')

  46.         end

  47. 

  48.         it "doesn't log the user in" do

  49.           expect(controller.current_user).to be_nil

  50.         end

  51.       end

  52.     end

  53. 

  54.     context 'using two-factor authentication' do

  55.       let(:user) do

  56.         Fabricate(:user, email: 'x@y.com', password: 'abcdefgh',

  57.                          otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))

  58.       end

  59.       let(:recovery_codes) do

  60.         codes = user.generate_otp_backup_codes!

  61.         user.save

  62.         return codes

  63.       end

  64. 

  65.       context 'using a valid OTP' do

  66.         before do

  67.           post :create, params: { user: { otp_attempt: user.current_otp } }, session: { otp_user_id: user.id }

  68.         end

  69. 

  70.         it 'redirects to home' do

  71.           expect(response).to redirect_to(root_path)

  72.         end

  73. 

  74.         it 'logs the user in' do

  75.           expect(controller.current_user).to eq user

  76.         end

  77.       end

  78. 

  79.       context 'using a valid recovery code' do

  80.         before do

  81.           post :create, params: { user: { otp_attempt: recovery_codes.first } }, session: { otp_user_id: user.id }

  82.         end

  83. 

  84.         it 'redirects to home' do

  85.           expect(response).to redirect_to(root_path)

  86.         end

  87. 

  88.         it 'logs the user in' do

  89.           expect(controller.current_user).to eq user

  90.         end

  91.       end

  92. 

  93.       context 'using an invalid OTP' do

  94.         before do

  95.           post :create, params: { user: { otp_attempt: 'wrongotp' } }, session: { otp_user_id: user.id }

  96.         end

  97. 

  98.         it 'shows a login error' do

  99.           expect(flash[:alert]).to match I18n.t('users.invalid_otp_token')

  100.         end

  101. 

  102.         it "doesn't log the user in" do

  103.           expect(controller.current_user).to be_nil

  104.         end

  105.       end

  106.     end

  107.   end

  108. end